Lucene search
K
FreebsdRecent

6581 matches found

FreeBSD
FreeBSD
added 2022/10/24 12:0 a.m.108 views

Grafana -- Username enumeration

Grafana Labs reports: When using the forget password on the login page, a POST request is made to the /api/user/password/sent-reset-email URL. When the username or email does not exist, a JSON response contains a “user not found” message. The CVSS score for this vulnerability is 5.3 Moderate...

8.1CVSS1.4AI score0.0074EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/10/24 12:0 a.m.9 views

phpmyfaq -- multiple vulnerabilities

phpmyfaq developers report: a pre-auth SQL injection in then saving user comments a reflected cross-site scripting vulnerability in the search a stored cross-site scripting vulnerability in the meta data administration a weak password requirement...

2.1AI score
Exploits0References3
FreeBSD
FreeBSD
added 2022/10/24 12:0 a.m.21 views

Grafana -- Privilege escalation

Grafana Labs reports: Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to si...

8.1CVSS3.5AI score0.0074EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/10/22 12:0 a.m.99 views

traefik -- Use of vulnerable Go module x/net/http2

The Go project reports: A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, whi...

7.5CVSS0.4AI score0.01814EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2022/10/20 12:0 a.m.49 views

go -- multiple vulnerabilities

The Go project reports: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permitted access to Windows device files under that root. For example,...

6.9AI score
Exploits0References1
FreeBSD
FreeBSD
added 2022/10/19 12:0 a.m.387 views

nginx -- Two vulnerabilities

NGINX Development Team reports: Two security issues were identified in the ngxhttpmp4module, which might allow an attacker to cause a worker process crash or worker process memory disclosure by using a specially crafted mp4 file, or might have potential other impact CVE-2022-41741, CVE-2022-41742...

7.8CVSS2.3AI score0.01069EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2022/10/18 12:0 a.m.109 views

MySQL -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 37 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...

7.2CVSS7.1AI score0.04425EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/10/17 12:0 a.m.34 views

go -- syscall, os/exec: unsanitized NUL in environment variables

The Go project reports: syscall, os/exec: unsanitized NUL in environment variables On Windows, syscall.StartProcess and os/exec.Cmd did not properly check for invalid environment variable values. A malicious environment variable value could exploit this behavior to set a value for a different...

7.5CVSS2.4AI score0.00778EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/10/13 12:0 a.m.28 views

freerdp -- clients using `/parallel` command line switch might read uninitialized data

MITRE reports: FreeRDP based clients on unix systems using /parallel command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected...

7.5CVSS7.7AI score0.00829EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/10/13 12:0 a.m.29 views

freerdp -- clients using the `/video` command line switch might read uninitialized data

MITRE reports: All FreeRDP based clients when using the /video command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected...

7.5CVSS7.8AI score0.00985EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/10/11 12:0 a.m.30 views

chromium -- mulitple vulnerabilities

Chrome Releases reports: This release contains 6 security fixes: 1364604 High CVE-2022-3445: Use after free in Skia. Reported by Nan Wang @eternalsakura13 and Yong Liu of 360 Vulnerability Research Institute on 2022-09-16 1368076 High CVE-2022-3446: Heap buffer overflow in WebSQL. Reported by...

8.8CVSS1.2AI score0.00683EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/10/11 12:0 a.m.42 views

OpenSSL -- Potential NULL encryption in NID_undef with Custom Cipher

The OpenSSL project reports: Using a Custom Cipher with NIDundef may lead to NULL encryption low...

7.5CVSS7.6AI score0.02846EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/10/10 12:0 a.m.15 views

roundcube-thunderbird_labels -- RCE with custom label titles

The Roundcube project reports: Description: Remote code execution vulnerability in roundcube-thunderbirdlabels when tblabelmodifylabels is enabled. Workaround: If you cannot upgrade to roundcube-thunderbirdlabels-1.4.13 disable the tblabelmodifylabels config option...

2.1AI score
Exploits0References1
FreeBSD
FreeBSD
added 2022/10/06 12:0 a.m.14 views

py-dparse -- REDoS vulnerability

yeisonvargasf reports: dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. Users unable to...

7.5CVSS6.9AI score0.00982EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2022/10/06 12:0 a.m.26 views

routinator -- potential DOS attack

Due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. Worst case impact of this vulnerability is denial of service for the RPKI data that Routinator provides to routers. This may st...

7.5CVSS2.8AI score0.00721EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/10/04 12:0 a.m.29 views

go -- multiple vulnerabilities

The Go project reports: archive/tar: unbounded memory consumption when reading headers Reader.Read did not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics...

7.7AI score
Exploits0References1
FreeBSD
FreeBSD
added 2022/10/03 12:0 a.m.32 views

strongswan -- DOS attack vulnerability

Lahav Schlesinger reported a bug related to online certificate revocation checking that can lead to a denial-of-service attack...

7.5CVSS1.7AI score0.01634EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/10/02 12:0 a.m.10 views

phpmyfaq -- CSRF vulnerability

phpmyfaq developers report: phpMyFAQ does not implement sufficient checks to avoid CSRF when logging out an user...

3.7AI score
Exploits0References1
FreeBSD
FreeBSD
added 2022/09/30 12:0 a.m.30 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 3 security fixes, including: 1366813 High CVE-2022-3370: Use after free in Custom Elements. Reported by Aviv A. on 2022-09-22 1366399 High CVE-2022-3373: Out of bounds write in V8. Reported by Tibor Klajnscek on 2022-09-21...

8.8CVSS1AI score0.00713EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/09/29 12:0 a.m.15 views

Python -- multiple vulnerabilities

Python reports: gh-97616: Fix multiplying a list by an integer list = int: detect the integer overflow when the new allocated length is close to the maximum size. Issue reported by Jordan Limor. Patch by Victor Stinner. gh-97612: Fix a shell code injection vulnerability in the...

1.4AI score
Exploits0References1
FreeBSD
FreeBSD
added 2022/09/29 12:0 a.m.42 views

mediawiki -- multiple vulnerabilities

Mediawiki reports: T316304, CVE-2022-41767 SECURITY: reassignEdits doesn't update results in an IP range check on Special:Contributions.. T309894, CVE-2022-41765 SECURITY: HTMLUserTextField exposes existence of hidden users. T307278, CVE-2022-41766 SECURITY: On action=rollback the message...

5.3CVSS1.4AI score0.00641EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2022/09/29 12:0 a.m.52 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: Denial of Service via cloning an issue Arbitrary PUT request as victim user through Sentry error list Content injection via External Status Checks Project maintainers can access Datadog API Key from logs Unsafe serialization of Json data could lead to sensitive data leakage Import...

7.5CVSS0.7AI score0.01349EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2022/09/28 12:0 a.m.10 views

Python -- multiple vulnerabilities

Python reports: gh-100001: python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log. This is done by changing the http.server BaseHTTPRequestHandler .logmessage method to replace control characters with a \xHH hex esca...

1.1AI score
Exploits0References1
FreeBSD
FreeBSD
added 2022/09/27 12:0 a.m.9 views

gitea -- multiple issues

The Gitea team reports: Sanitize and Escape refs in git backend Bump golang.org/x/text Update bluemonday...

1.7AI score
Exploits0References1
FreeBSD
FreeBSD
added 2022/09/27 12:0 a.m.46 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 20 security fixes, including: 1358907 High CVE-2022-3304: Use after free in CSS. Reported by Anonymous on 2022-09-01 1343104 High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK on 2022-07-09 1319229...

8.8CVSS0.00616EPSS
Exploits6References1
FreeBSD
FreeBSD
added 2022/09/26 12:0 a.m.24 views

py39-joblib -- arbitrary code execution

jimlinntu reports: The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

9.8CVSS9.5AI score0.01975EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2022/09/26 12:0 a.m.43 views

unbound -- Non-Responsive Delegation Attack

A vulnerability named 'Non-Responsive Delegation Attack' NRDelegation Attack has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for...

7.5CVSS3.2AI score0.01293EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/09/23 12:0 a.m.25 views

Django -- multiple vulnerabilities

Django reports: CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs...

7.5CVSS2.1AI score0.0272EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/09/23 12:0 a.m.78 views

Matrix clients -- several vulnerabilities

Matrix developers report: Two critical severity vulnerabilities in end-to-end encryption were found in the SDKs which power Element, Beeper, Cinny, SchildiChat, Circuli, Synod.im and any other clients based on matrix-js-sdk, matrix-ios-sdk or matrix-android-sdk2...

8.6CVSS2.6AI score0.01001EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/09/21 12:0 a.m.26 views

jenkins -- XSS vulnerability

Jenkins Security Advisory: Description High SECURITY-2886 / CVE-2022-41224 Jenkins 2.367 through 2.369 both inclusive does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI. This results in a stored cross-site scripting XSS vulnerability exploitable...

5.4CVSS0.4AI score0.0089EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/09/21 12:0 a.m.109 views

redis -- Potential remote code execution vulnerability

The Redis core team reports: Executing a XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument, may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. The problem affects Redis versions 7.0.0 or newer...

9.8CVSS5.7AI score0.02904EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/09/19 12:0 a.m.10 views

zeek -- potential DoS vulnerabilities

Tim Wojtulewicz of Corelight reports: Fix a possible overflow and crash in the ICMP analyzer when receiving a specially crafted packet. Fix a possible overflow and crash in the IRC analyzer when receiving a specially crafted packet. Fix a possible overflow and crash in the SMB analyzer when...

2AI score
Exploits0References1
FreeBSD
FreeBSD
added 2022/09/16 12:0 a.m.17 views

py-tensorflow -- unchecked argument causing crash

Jingyi Shi reports: The 'AvgPoolOp' function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program...

7.5CVSS7.7AI score0.00562EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/09/14 12:0 a.m.46 views

expat -- Heap use-after-free vulnerability

Debian Security Advisory reports: Rhodri James discovered a heap use-after-free vulnerability in the doContent function in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed...

8.1CVSS8.6AI score0.01659EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2022/09/14 12:0 a.m.76 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release includes 11 security fixes, including: 1358381 High CVE-2022-3195: Out of bounds write in Storage. Reported by Ziling Chen and Nan Wang @eternalsakura13 of 360 Vulnerability Research Institute on 2022-08-31 1358090 High CVE-2022-3196: Use after free in PDF...

8.8CVSS0.2AI score0.01908EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/09/12 12:0 a.m.19 views

dendrite -- Signature checks not applied to some retrieved missing events

Dendrite team reports: Events retrieved from a remote homeserver using /getmissingevents did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this endpoint. Note that this does not apply to events...

2.2AI score
Exploits0References1
FreeBSD
FreeBSD
added 2022/09/07 12:0 a.m.46 views

security/keycloak -- Multiple possible DoS attacks

CIRCL reports: CVE-2022-41966: XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. CVE-2022-40151: I...

8.2CVSS5.2AI score0.08689EPSS
Exploits2References2
FreeBSD
FreeBSD
added 2022/09/07 12:0 a.m.43 views

Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Grafana Labs reports: On September 7th as a result of an internal security audit we have discovered that Grafana could leak the authentication cookie of users to plugins. After further analysis the vulnerability impacts data source and plugin proxy endpoints under certain conditions. We believe...

7.8CVSS6.4AI score0.01228EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/09/07 12:0 a.m.44 views

Grafana -- Improper authentication

Grafana Labs reports: On September 7, as a result of an internal security audit, we discovered a security vulnerability in Grafana’s basic authentication related to the usage of username and email address. n Grafana, a user’s username and email address are unique fields, which means no other user...

7.8CVSS6.5AI score0.01228EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/09/06 12:0 a.m.32 views

go -- multiple vulnerabilities

The Go project reports: net/http: handle server errors after sending GOAWAY A closing HTTP/2 server connection could hang forever waiting for a clean shutdown that was preempted by a subsequent fatal error. This failure mode could be exploited to cause a denial of service. net/url: JoinPath does...

7.5CVSS7.7AI score0.02607EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/09/02 12:0 a.m.49 views

chromium -- insufficient data validation in Mojo

Chrome Releases reports: This release contains 1 security fix: 1358134 High CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30 Google is aware that an exploit of CVE-2022-3075 exists in the wild...

9.6CVSS1.9AI score0.0568EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/08/31 12:0 a.m.26 views

Matrix clients -- several vulnerabilities

Matrix developers report: The vulnerabilities give an adversary who you share a room with the ability to carry out a denial-of-service attack against the affected clients, making it not show all of a user's rooms or spaces and/or causing minor temporary corruption...

8.2CVSS4.1AI score0.0094EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/08/30 12:0 a.m.68 views

FreeBSD -- zlib heap buffer overflow

Problem Description: zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. Impact: Applications that call inflateGetHeader may be vulnerable to a buffer overflow. Note that inflateGetHeader is not used by anything in...

9.8CVSS2.7AI score0.1593EPSS
Exploits1
FreeBSD
FreeBSD
added 2022/08/30 12:0 a.m.67 views

Gitlab -- multiple vulnerabilities

Gitlab reports: Remote Command Execution via GitHub import Stored XSS via labels color Content injection via Incidents Timeline description Lack of length validation in Snippets leads to Denial of Service Group IP allow-list not fully respected by the Package Registry Abusing Gitaly.GetTreeEntrie...

9.9CVSS1.7AI score0.86194EPSS
Exploits5References1
FreeBSD
FreeBSD
added 2022/08/30 12:0 a.m.188 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 24 security fixes, including: 1340253 Critical CVE-2022-3038: Use after free in Network Service. Reported by Sergei Glazunov of Google Project Zero on 2022-06-28 1343348 High CVE-2022-3039: Use after free in WebSQL. Reported by Nan Wang@eternalsakura...

8.8CVSS7.2AI score0.24738EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2022/08/29 12:0 a.m.20 views

advancecomp -- Multiple vulnerabilities

GitHub advisories reports: Multiple vulnerabilities found in advancecomp including: Three segmentation faults. Heap buffer overflow via leuint32read at /lib/endianrw.h. Three more heap buffer overflows...

5.5CVSS3.4AI score0.00448EPSS
Exploits7References7
FreeBSD
FreeBSD
added 2022/08/23 12:0 a.m.53 views

gitea -- multiple issues

The Gitea team reports: Remove ReverseProxy authentication from the API Support Go Vulnerability Management Forbid HTML string tooltips...

1.9AI score
Exploits0References2
FreeBSD
FreeBSD
added 2022/08/23 12:0 a.m.15 views

zeek -- potential DoS vulnerabilities

Tim Wojtulewicz of Corelight reports: Fix a possible overflow and crash in the ARP analyzer when receiving a specially crafted packet. Due to the possibility of this happening with packets received from the network, this is a potential DoS vulnerability. Fix a possible overflow and crash in the...

0.9AI score
Exploits0References1
FreeBSD
FreeBSD
added 2022/08/23 12:0 a.m.20 views

powerdns-recursor -- denial of service

PowerDNS Team reports: PowerDNS Security Advisory 2022-02: incomplete exception handling related to protobuf message generation...

6.5CVSS2.5AI score0.0119EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/08/22 12:0 a.m.37 views

rpm4 -- Multiple Vulnerabilities

rpm project reports: Fix intermediate symlinks not verified CVE-2021-35939. Fix subkey binding signatures not checked on PGP public keys CVE-2021-3521. Refactor file and directory operations to use fd-based APIs throughout CVE-2021-35938...

6.7CVSS1.9AI score0.00491EPSS
Exploits2
Total number of security vulnerabilities6581