Lucene search
K
FreebsdRecent

6577 matches found

FreeBSD
FreeBSD
•added 2026/05/20 12:0 a.m.•14 views

net/rsync -- multiple vulnerabilities

The rsync project reports: Six CVEs are fixed in this release. All six are assigned by VulnCheck as CNA. Affected versions are 3.4.2 and earlier in every case. In addition to the six CVE fixes, this release adds defence-in-depth hardening on several adjacent paths: bounded wire-supplied counts an...

8.1CVSS5.9AI score0.0078EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/05/20 12:0 a.m.•18 views

FreeBSD -- Missing validation in ptrace(PT_SC_REMOTE)

Problem Description: ptracePTSCREMOTE failed to properly validate parameters for the syscall2 and syscall2 meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. Impact: T...

8.4CVSS6AI score0.00196EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/05/20 12:0 a.m.•15 views

gitea -- multiple vulnerabilities

The Gitea team reports: CVE-2026-27783: incorrect read permission check CVE-2026-25714: public-only token filtering bypass CVE-2026-20706: missing token scope checking CVE-2026-27771: unauthenticated access to private container images CVE-2026-28744: git smart HTTP request scope bug CVE-2026-2869...

9.8CVSS6.1AI score0.40738EPSS
Exploits7References2
FreeBSD
FreeBSD
•added 2026/05/18 12:0 a.m.•48 views

MariaDB -- Multiple vulnerabilities

The MariaDB project reports: See linked CVE's for details...

9.9CVSS5.8AI score0.00797EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2026/05/18 12:0 a.m.•87 views

Vinyl/Varnish -- HTTP/2 parsing deficiency

Vinyl Development Team reports: A deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass or possibly even information disclosure and manipulation...

5.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2026/05/15 12:0 a.m.•17 views

traefik -- Unauthorized exposure of the REST provider

The traefik project releases a new version addressing a CVE: CVE-2026-44774 Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider...

9.9CVSS5.8AI score0.00457EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2026/05/14 12:0 a.m.•22 views

www/nginx -- Remote Code Execution/DoS

nginx development team reports: When using the "proxysetbody" directive, an attacker might inject data in the proxied request to an HTTP/2 backend A heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngxhttprewritemodule, potentially resultin...

9.2CVSS6.1AI score0.61469EPSS
Exploits41
FreeBSD
FreeBSD
•added 2026/05/14 12:0 a.m.•14 views

mail/mailpit -- multiple vulnerabilities

Mailpit author reports: Set a default 50MB per message limit to prevent DoS via unlimited SMTP DATA and /api/v1/send body sizes GHSA-fpxj-m5q8-fphw Include CGNAT Carrier-Grade NAT in internal IP checks GHSA-j3fj-qppj-fmmc Block internal IP access by default in HTML check GHSA-j3fj-qppj-fmmc Fix f...

5.9AI score0.00099EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2026/05/14 12:0 a.m.•32 views

PostgreSQL -- Multiple vulnerabilities

The PostgreSQL project reports: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's...

8.8CVSS6.4AI score0.00668EPSS
Exploits0References11
FreeBSD
FreeBSD
•added 2026/05/13 12:0 a.m.•21 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-site Scripting issue in Analytics dashboard chart rendering impacts GitLab EE Cross-site Scripting issue in global search impacts GitLab CE/EE Cross-site Scripting issue in Duo Agent output rendering impacts GitLab EE Cross-site Scripting issue in Analytics Dashboard impacts...

8.7CVSS5.9AI score0.00355EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2026/05/13 12:0 a.m.•25 views

nginx-devel -- multiple vulnerabilities

The nginx project reports: nginx 1.31.0 fixes multiple security issues affecting HTTP/2 proxying, rewrite handling, SCGI/uWSGI response handling, charset conversion, HTTP/3 connection migration, and OCSP resolver response processing...

9.2CVSS6AI score0.61469EPSS
Exploits41References2
FreeBSD
FreeBSD
•added 2026/05/12 12:0 a.m.•19 views

zeek -- potential DoS vulnerability

Wojtulewicz of Corelight reports: A specially-crafted series of MIME headers sent via SMTP or HTTP could cause Zeek to use large amounts of memory and potentially crash...

5.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2026/05/11 12:0 a.m.•14 views

gstreamer1 -- multiple vulnerabilities

The GStreamer project reports multiple security vulnerabilities fixed in the 1.28.3 release: Six security vulnerabilities were addressed, including: Bounds check errors in MXF VANC packet handling. Use-after-free in GStreamer core buffer value deserialization. Out-of-bounds read in MXF demuxer...

6.2AI score
Exploits0References6
FreeBSD
FreeBSD
•added 2026/05/07 12:0 a.m.•18 views

www/gohugo -- CWE-79: XSS vulnerabilities

https://go.dev/issue/78913 reports: CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to...

6.1CVSS7.5AI score0.00371EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2026/05/07 12:0 a.m.•17 views

firefox -- Memory safety bugs present in Firefox ESR 115

https://www.mozilla.org/en-US/security/advisories/mfsa2026-40/ reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

8.1CVSS5.8AI score0.00384EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/05/07 12:0 a.m.•16 views

firefox -- Use-after-free

https://bugzilla.mozilla.org/showbug.cgi?id=2034352 reports: Use-after-free in the DOM: Networking component...

7.5CVSS5.8AI score0.00317EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/05/07 12:0 a.m.•22 views

firefox -- Memory safety bugs present in Firefox 150

https://www.mozilla.org/en-US/security/advisories/mfsa2026-40/ reports: Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

8.1CVSS5.9AI score0.00323EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/05/07 12:0 a.m.•17 views

Mozilla -- Incorrect boundary conditions

https://bugzilla.mozilla.org/showbug.cgi?id=2029301 reports: Incorrect boundary conditions in the Audio/Video: Playback component...

9.8CVSS5.8AI score0.00439EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/05/07 12:0 a.m.•15 views

firefox ESR -- Other issue in the WebRTC component

https://bugzilla.mozilla.org/showbug.cgi?id=2035939 reports: Other issue in the WebRTC component...

9.8CVSS5.8AI score0.00446EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/05/05 12:0 a.m.•16 views

chromium -- security fixes

Chrome Releases reports: This update includes 127 security fixes: Critical: 493747582 CVE-2026-7896: Integer overflow in Blink. 504069514 CVE-2026-7897: Use after free in Mobile. 504587882 CVE-2026-7898: Use after free in Chromoting. High: 505481948 CVE-2026-7899: Out of bounds read and write in...

9.6CVSS6AI score0.00383EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/05/04 12:0 a.m.•42 views

www/apache24 -- Multiple vulnerabilities

The Apache httpd project reports: modproxyajp: CVE-2026-34059, CVE-2026-34032, CVE-2026-33857, CVE-2026-28780 multiple modules: CVE-2026-33523 modauthnsocache: CVE-2026-33007 modauthdigest: CVE-2026-33006 moddavlock: moddavlock modmd: CVE-2026-29168 modrewrite: CVE-2026-24072 modhttp2:...

9.8CVSS5.8AI score0.4581EPSS
Exploits18References1
FreeBSD
FreeBSD
•added 2026/04/29 12:0 a.m.•10 views

Prosody XMPP server advisory 2026-04-29

The Prosody team reports: Traffic patterns were discovered which can cause Prosody to consume excessive amounts of memory with much smaller amounts of incoming traffic. This traffic can be sent by unauthenticated connections. It was discovered that modproxy65’s access control was broken and...

7.5CVSS5.8AI score0.00348EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/29 12:0 a.m.•18 views

FreeBSD -- Local privilege escalation via execve()

Problem Description: An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers. Impact: The bug may be exploitable by an unprivileged user to obtain superuser privileges...

7.8CVSS5.7AI score0.00179EPSS
Exploits1
FreeBSD
FreeBSD
•added 2026/04/29 12:0 a.m.•14 views

MongoDB Server -- Multiple vulnerabilities

https://jira.mongodb.org/browse/SERVER-119981 reports: Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. An authorization flaw in the user management command could allow an authenticated user to make limited changes t...

7.5CVSS5.8AI score0.00255EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2026/04/29 12:0 a.m.•11 views

FreeBSD -- Heap overflow in libnv

Problem Description: When processing the header of an incoming message, libnv failed to properly validate the message size. Impact: The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible...

8.1CVSS5.3AI score0.00316EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/04/29 12:0 a.m.•12 views

FreeBSD -- pf can overflow the stack parsing crafted SCTP packets

Problem Description: Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Impact: Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to...

7.5CVSS5.4AI score0.00432EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/04/29 12:0 a.m.•13 views

Text::CSV_XS -- CWE-825 Expired Pointer Dereference

H.Merijn Brand - Tux reports: Text::CSVXS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getlineall methods invoke registered callbacks for example...

8.4CVSS5.9AI score0.00158EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/29 12:0 a.m.•11 views

FreeBSD -- Stack overflow via select() file descriptor set overflow

Problem Description: When exchanging data over a socket, libnv uses select2 to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select2's file descriptor set size limit of FDSETSIZE 1024. Impact: An attacker who is able to force a libnv applicati...

7.8CVSS5.4AI score0.00151EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/04/29 12:0 a.m.•15 views

FreeBSD -- Remotely triggerable out-of-bounds heap write in dhclient

Problem Description: As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun. Impact: A specially crafted...

8.1CVSS5.7AI score0.01423EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/04/29 12:0 a.m.•15 views

FreeBSD -- Remote code execution via malicious DHCP options

Problem Description: The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the...

8.1CVSS5.6AI score0.00431EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/04/29 12:0 a.m.•14 views

openexr -- multiple vulnerabilities

Cary Phillips reports: OpenEXR v3.4.11 is a patch release that addresses the following security vulnerabilities: CVE-2026-42217 Shift exponent overflow in readVariableLengthInteger ImfIDManifest.cpp CVE-2026-42216 Out-of-bounds read in IDManifest::init during prefix expansion CVE-2026-41142 Integ...

9.8CVSS5.9AI score0.00393EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2026/04/28 12:0 a.m.•8 views

Mozilla -- Sandbox escape

https://bugzilla.mozilla.org/showbug.cgi?id=2029461 reports: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component...

9.6CVSS5.2AI score0.00258EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/28 12:0 a.m.•10 views

firefox -- Memory safety bugs

https://bugzilla.mozilla.org/buglist.cgi?bugid=2021904%2C2022731%2C2027158%2C2027733%2C2027973%2C2027976%2C2028231%2C2028731%2C2028886%2C2029067%2C2029700%2C2029724%2C2029806%2C2029814%2C2030108%2C2030111%2C2031524%2C2031921%2C2032040 reports: Memory safety bugs. Some of these bugs showed evidenc...

8.8CVSS5.6AI score0.00316EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/28 12:0 a.m.•11 views

firefox -- Memory safety bugs

https://bugzilla.mozilla.org/buglist.cgi?bugid=2029419%2C2029717%2C2029769%2C2029886 reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

7.5CVSS5.6AI score0.003EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/28 12:0 a.m.•14 views

firefox -- Information disclosure

https://bugzilla.mozilla.org/showbug.cgi?id=2027433 reports: Information disclosure due to incorrect boundary conditions in the Audio/Video component...

7.5CVSS5.2AI score0.00323EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/28 12:0 a.m.•10 views

firefox -- Information disclosure

https://bugzilla.mozilla.org/showbug.cgi?id=2027433 reports: Information disclosure due to incorrect boundary conditions in the Audio/Video component...

7.5CVSS5.2AI score0.00323EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/28 12:0 a.m.•16 views

Mozilla -- Memory safety bugs

https://bugzilla.mozilla.org/buglist.cgi?bugid=2028537%2C2029911%2C2031121%2C2033602 reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

7.5CVSS5.8AI score0.00375EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/28 12:0 a.m.•12 views

modsecurity3 -- multiple vulnerabilities

ModSecurity is an open source web application firewall engine. According to the upstream changelog, multiple vulnerabilities have been fixed. CVE-2026-42268: unsigned integer underflow in verify operators CVE-2026-30923: buffer overflow in hexdecode...

8.2CVSS6AI score0.00435EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2026/04/22 12:0 a.m.•14 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-Site Request Forgery issue in GraphQL API impacts GitLab CE/EE GitLab Improper Resolution of Path Equivalence issue in Web IDE asset impacts GitLab CE/EE Cross-site Scripting issue in Storybook impacts GitLab CE/EE Denial of Service issue in discussions endpoint impacts GitL...

5.7AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/21 12:0 a.m.•7 views

Mozilla -- Memory safety bugs

https://bugzilla.mozilla.org/buglist.cgi?bugid=1536243%2C1745382%2C1851073%2C1893400%2C1963301%2C2001319%2C2002899%2C2012436%2C2014435%2C2016901%2C2019916%2C2020486%2C2020612%2C2020817%2C2021788%2C2022051%2C2022367%2C2022431%2C2023302%2C2023670%2C2024225%2C2024238%2C2024240%2C2024265%2C2024367%2C...

7.5CVSS5.6AI score0.00302EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/21 12:0 a.m.•5 views

Mozilla -- Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component

https://bugzilla.mozilla.org/showbug.cgi?id=2027564 reports: Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component...

5.3CVSS5.2AI score0.0023EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/21 12:0 a.m.•6 views

Mozilla -- Other issue in the Networking: DNS component

https://bugzilla.mozilla.org/showbug.cgi?id=2022726 reports: Other issue in the Networking: DNS component...

5.3CVSS5.1AI score0.00161EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/21 12:0 a.m.•14 views

Mozilla -- Incorrect boundary conditions

https://bugzilla.mozilla.org/showbug.cgi?id=2021770 reports: Incorrect boundary conditions in the WebRTC: Networking component...

7.8CVSS5.2AI score0.0011EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/21 12:0 a.m.•5 views

Mozilla -- Incorrect boundary conditions in the WebRTC component

https://bugzilla.mozilla.org/showbug.cgi?id=2021768 reports: Incorrect boundary conditions in the WebRTC component...

5.3CVSS5.2AI score0.00208EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/21 12:0 a.m.•6 views

Mozilla -- Denial-of-service

https://bugzilla.mozilla.org/showbug.cgi?id=2015959 reports: Denial-of-service due to integer overflow in the Graphics: WebGPU component...

7.5CVSS5.2AI score0.00324EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/21 12:0 a.m.•17 views

Mozilla -- Mitigation bypass

https://bugzilla.mozilla.org/showbug.cgi?id=2025067 reports: Mitigation bypass in the DOM: Security component...

9.8CVSS5.2AI score0.00309EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/21 12:0 a.m.•12 views

Mozilla -- Other issue in the Storage: IndexedDB component

https://bugzilla.mozilla.org/showbug.cgi?id=2024220 reports: Other issue in the Storage: IndexedDB component...

6.5CVSS5.2AI score0.04938EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2026/04/21 12:0 a.m.•5 views

Mozilla -- Information disclosure

https://bugzilla.mozilla.org/showbug.cgi?id=2022419 reports: Information disclosure in the Form Autofill component...

5.3CVSS5.2AI score0.00215EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/21 12:0 a.m.•13 views

Mozilla -- Incorrect boundary conditions

https://bugzilla.mozilla.org/showbug.cgi?id=2022162 reports: Incorrect boundary conditions in the DOM: Device Interfaces component...

6.5CVSS5.2AI score0.00231EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/21 12:0 a.m.•9 views

Mozilla -- Mitigation bypass

https://bugzilla.mozilla.org/showbug.cgi?id=2016923 reports: Mitigation bypass in the Networking: Cookies component...

9.8CVSS5.2AI score0.00279EPSS
Exploits0References1
Total number of security vulnerabilities6577