Lucene search
K
FreebsdRecent

6581 matches found

FreeBSD
FreeBSD
•added 2021/10/04 12:0 a.m.•28 views

hiredis -- integer/buffer overflow

hiredis maintainers report: Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted RESP mult-bulk protocol data. When parsing multi-bulk array-like replies, hiredis fails to check if count sizeofredisReply can be represented in SIZEMAX. If it can not, and the callo...

8.8CVSS2.6AI score0.02045EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2021/09/30 12:0 a.m.•37 views

chromium -- multiple vulnerabilities

Chrome Releases/Stable updates reports: This release contains 4 security fixes, including: 1245578 High CVE-2021-37974: Use after free in Safe Browsing. Reported by Weipeng Jiang @Krace from Codesafe Team of Legendsec at Qi'anxin Group on 2021-09-01 1252918 High CVE-2021-37975: Use after free in...

8.8CVSS0.1AI score0.34887EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/09/30 12:0 a.m.•41 views

Gitlab -- vulnerabilities

Gitlab reports: Stored XSS in merge request creation page Denial-of-service attack in Markdown parser Stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown DNS Rebinding vulnerability in Gitea importer Exposure of trigger tokens on project exports Improper access control for...

8.7CVSS1AI score0.01227EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/09/29 12:0 a.m.•16 views

Cleartext leak in libudisks

From libudisks 2.9.4 NEWS: udiskslinuxblock: Fix leaking cleartext block interface...

1.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2021/09/27 12:0 a.m.•26 views

libmysoft -- Heap-based buffer overflow vulnerability

Zhengjie Du reports: There are some heap-buffer-overflows in mysofa2json of libmysofa. They are in function loudness, mysofacheck and readOHDRHeaderMessageDataLayout...

9.8CVSS3.1AI score0.01035EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/09/26 12:0 a.m.•255 views

OpenSSH -- OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand

OpenBSD Project reports: sshd8 from OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive has been set to run the command as ...

7CVSS2.2AI score0.02367EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2021/09/24 12:0 a.m.•36 views

chromium -- use after free in Portals

Chrome Releases reports: 1251727 High CVE-2021-37973 : Use after free in Portals. Reported by Clement Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21 Google is aware that an exploit for CVE-2021-37973 exists in the wild...

9.6CVSS0.2AI score0.11735EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/09/21 12:0 a.m.•39 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This update contains 19 security fixes, including: 1243117 High CVE-2021-37956: Use after free in Offline use. Reported by Huyna at Viettel Cyber Security on 2021-08-24 1242269 High CVE-2021-37957: Use after free in WebGPU. Reported by Looben Yang on 2021-08-23 1223290 Hi...

8.8CVSS0.9AI score0.01662EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2021/09/20 12:0 a.m.•29 views

webkit2-gtk3 -- multiple vulnerabilities

The WebKitGTK project reports vulnerabilities: CVE-2021-30858: Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS3.1AI score0.13486EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/09/16 12:0 a.m.•101 views

Apache httpd -- multiple vulnerabilities

The Apache project reports: moderate: Request splitting via HTTP/2 method injection and modproxy CVE-2021-33193 moderate: NULL pointer dereference in httpd core CVE-2021-34798 moderate: modproxyuwsgi out of bound read CVE-2021-36160 low: apescapequotes buffer overflow CVE-2021-39275 high: modprox...

9.8CVSS2AI score0.99999EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2021/09/15 12:0 a.m.•57 views

cURL -- Multiple vulnerabilities

The cURL project reports: UAF and double-free in MQTT sending CVE-2021-22945 Protocol downgrade required TLS bypassed CVE-2021-22946 STARTTLS protocol injection via MITM CVE-2021-22945...

9.1CVSS3AI score0.06216EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2021/09/15 12:0 a.m.•48 views

seatd-launch -- privilege escalation with SUID

Kenny Levinsen reports: seatd-launch used execlp, which reads the PATH environment variable to search for the requested executable, to execute seatd. This meant that the caller could freely control what executable was loaded by adding a user-writable directory to PATH. If seatd-launch had the SUI...

8.8CVSS2.9AI score0.01029EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/09/15 12:0 a.m.•209 views

Grafana -- Snapshot authentication bypass

Grafana Labs reports: Unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key If the snapshot "publicmode" configuration setting is set to true vs default of false,...

9.8CVSS3.8AI score0.99888EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/09/13 12:0 a.m.•24 views

tcpslice -- heap-based use-after-free in extract_slice()

The Tcpdump Group reports: heap-based use-after-free in extractslice...

5.5CVSS0.6AI score0.0087EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/09/13 12:0 a.m.•69 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release includes 11 security fixes, including: 1237533 High CVE-2021-30625: Use after free in Selection API. Reported by Marcin Towalski of Cisco Talos on 2021-08-06 1241036 High CVE-2021-30626: Out of bounds memory access in ANGLE. Reported by Jeonghoon Shin of Theo...

9.6CVSS0.64546EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2021/09/09 12:0 a.m.•21 views

py39-rencode -- infinite loop that could lead to Denial of Service

NIST reports: The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding such as via ;\x2f\x7f, enabling a remote attack that consumes CPU and memory...

7.5CVSS7.5AI score0.05566EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2021/09/06 12:0 a.m.•24 views

cryptopp -- ElGamal implementation allows plaintext recovery

Crypto++ 8.6 release notes reports: The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the...

5.9CVSS2.5AI score0.01157EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/09/04 12:0 a.m.•9 views

WeeChat -- Crash when decoding a malformed websocket frame in relay plugin.

The WeeChat project reports: Crash when decoding a malformed websocket frame in relay plugin...

1.5AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2021/09/04 12:0 a.m.•13 views

MPD5 PPPoE Server remotely exploitable crash

Version 5.92 contains security fix for PPPoE servers. Insufficient validation of incoming PPPoE Discovery request specially crafted by unauthenticated user might lead to unexpected termination of the process. The problem affects mpd versions since 5.0. Installations not using PPPoE server...

3.1AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2021/09/02 12:0 a.m.•21 views

Pillow -- Regular Expression Denial of Service (ReDoS)

GitHub Advisory Database reports: Uncontrolled Resource Consumption in pillow. The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service ReDoS via the getrgb function. References: https://nvd.nist.gov/vuln/detail/CVE-2021-23437...

7.5CVSS1.4AI score0.03154EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/08/31 12:0 a.m.•39 views

Gitlab -- Vulnerabilities

Gitlab reports: Stored XSS in DataDog Integration Invited group members continue to have project access even after invited group is deleted Specially crafted requests to apollouploadserver middleware leads to denial of service Privilege escalation of an external user through project token Missing...

5.3CVSS5.1AI score0.00908EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/08/31 12:0 a.m.•30 views

py-matrix-synapse -- several vulnerabilities

Matrix developers report: This release patches two moderate severity issues which could reveal metadata about private rooms: CVE-2021-39164: Enumerating a private room's list of members and their display names. CVE-2021-39163: Disclosing a private room's name, avatar, topic, and number of members...

3.5CVSS2.5AI score0.01457EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/08/31 12:0 a.m.•59 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 27 security fixes, including: 1233975 High CVE-2021-30606: Use after free in Blink. Reported by Nan Wang @eternalsakura13 and koocola @alocook of 360 Alpha Lab on 2021-07-28 1235949 High CVE-2021-30607: Use after free in Permissions. Reported by...

8.8CVSS0.2AI score0.0559EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/08/31 12:0 a.m.•52 views

Node.js -- August 2021 Security Releases (2)

Node.js reports: npm 6 update - node-tar, arborist, npm cli modules These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal...

8.6CVSS2.7AI score0.15014EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/08/30 12:0 a.m.•41 views

Python -- multiple vulnerabilities

Python reports: bpo-42278: Replaced usage of tempfile.mktemp with TemporaryDirectory to avoid a potential race condition. bpo-44394: Update the vendored copy of libexpat to 2.4.1 from 2.2.8 to get the fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used on Windows and...

6.8CVSS2AI score0.19433EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/08/30 12:0 a.m.•40 views

Python -- multiple vulnerabilities

Python reports: bpo-44394: Update the vendored copy of libexpat to 2.4.1 from 2.2.8 to get the fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used on Windows and macOS. bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n...

6.8CVSS3.7AI score0.19433EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2021/08/30 12:0 a.m.•41 views

Python -- multiple vulnerabilities

Python reports: bpo-42278: Replaced usage of tempfile.mktemp with TemporaryDirectory to avoid a potential race condition. bpo-41180: Add auditing events to the marshal module, and stop raising code.init events for every unmarshalled code object. Directly instantiated code objects will continue to...

6.8CVSS1.4AI score0.19433EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/08/27 12:0 a.m.•39 views

consul -- rpc: authorize raft requests

Hashicorp reports: HashiCorp Consul Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation...

8.8CVSS2.7AI score0.01149EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/08/26 12:0 a.m.•12 views

zeek -- several vulnerabilities

Tim Wojtulewicz of Corelight reports: Paths from log stream make it into system unchecked, potentially leading to commands being run on the system unintentionally. This requires either bad scripting or a malicious package to be installed, and is considered low severity. Fix potential unbounded...

1.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2021/08/26 12:0 a.m.•32 views

libssh -- possible heap-buffer overflow vulnerability

libssh security advisories: The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept and used as an input to new...

6.5CVSS2.4AI score0.04683EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2021/08/25 12:0 a.m.•36 views

py-tflite -- denial of service vulnerability

Yakun Zhang of Baidu Security reports: An attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service...

7.8CVSS5.8AI score0.00165EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/08/24 12:0 a.m.•36 views

FreeBSD -- libfetch out of bounds read

Problem Description: The passive mode in FTP communication allows an out of boundary read while libfetch uses strtol to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for p == '\0' one byte too late because...

9.1CVSS2.9AI score0.02637EPSS
Exploits1
FreeBSD
FreeBSD
•added 2021/08/24 12:0 a.m.•108 views

OpenSSL -- multiple vulnerabilities

The OpenSSL project reports: SM2 Decryption Buffer Overflow CVE-2021-3711: High Read buffer overruns processing ASN.1 strings CVE-2021-3712: Moderate...

9.8CVSS2.5AI score0.87816EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2021/08/24 12:0 a.m.•24 views

FreeBSD -- Remote code execution in ggatec(8)

Problem Description: The ggatec8 daemon does not validate the size of a response before writing it to a fixed-sized buffer. This allows to overwrite the stack of ggatec8. Impact: A malicious ggated8 or an attacker in a priviledged network position can overwrite the stack with crafted content and...

8.1CVSS5.1AI score0.01578EPSS
Exploits0
FreeBSD
FreeBSD
•added 2021/08/24 12:0 a.m.•25 views

FreeBSD -- Missing error handling in bhyve(8) device models

Problem Description: Certain VirtIO-based device models failed to handle errors when fetching I/O descriptors. Such errors could be triggered by a malicious guest. As a result, the device model code could be tricked into operating on uninitialized I/O vectors, leading to memory corruption. Impact...

7.8CVSS2.7AI score0.00286EPSS
Exploits0
FreeBSD
FreeBSD
•added 2021/08/23 12:0 a.m.•39 views

Matrix clients -- several vulnerabilities

Matrix developers report: Today we are disclosing a critical security issue affecting multiple Matrix clients and libraries including Element Web/Desktop/Android, FluffyChat, Nheko, Cinny, and SchildiChat. Specifically, in certain circumstances it may be possible to trick vulnerable clients into...

5.9CVSS0.7AI score0.00662EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/08/18 12:0 a.m.•32 views

go -- archive/zip: overflow in preallocation check can cause OOM panic

The Go project reports: An oversight in the previous fix still allows for an OOM panic when the indicated directory size in the archive header is so large that subtracting it from the archive size overflows a uint64, effectively bypassing the check that the number of files in the archive is...

7.5CVSS2.2AI score0.06934EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/08/16 12:0 a.m.•71 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 9 security fixes, including: 1234764 High CVE-2021-30598: Type Confusion in V8. Reported by Manfred Paul on 2021-07-30 1234770 High CVE-2021-30599: Type Confusion in V8. Reported by Manfred Paul on 2021-07-30 1231134 High CVE-2021-30600: Use after fr...

8.8CVSS8.9AI score0.07003EPSS
Exploits6References1
FreeBSD
FreeBSD
•added 2021/08/12 12:0 a.m.•40 views

PostgreSQL server -- Memory disclosure in certain queries

The PostgreSQL Project reports: A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

6.5CVSS2.7AI score0.0142EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/08/11 12:0 a.m.•37 views

Node.js -- August 2021 Security Releases

Node.js reports: cares upgrade - Improper handling of untypical characters in domain names High CVE-2021-22931 Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of host names returned by Domain Name Servers in the Node.js DNS library which c...

9.8CVSS0.7AI score0.21952EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2021/08/10 12:0 a.m.•29 views

fetchmail -- STARTTLS bypass vulnerabilities

Problem: In certain circumstances, fetchmail 6.4.21 and older would not encrypt the session using STARTTLS/STLS, and might not have cleared session state across the TLS negotiation...

5.9CVSS2.3AI score0.00925EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/08/09 12:0 a.m.•18 views

couchdb -- user privilege escalation

Cory Sabol reports: A malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will ...

6.8CVSS1AI score0.01187EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/08/07 12:0 a.m.•13 views

lynx -- SSL certificate validation error

Axel Beckert reports: ... I was able to capture the password given on the commandline in traffic of an TLS handshake using tcpdump and analysing it with Wireshark:...

1.4AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2021/08/03 12:0 a.m.•30 views

Gitlab -- Gitlab

Gitlab reports: Stored XSS in Mermaid when viewing Markdown files Stored XSS in default branch name Perform Git actions with an impersonation token even if impersonation is disabled Tag and branch name confusion allows Developer to access protected CI variables New subscriptions generate OAuth...

6.6CVSS2AI score0.00844EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/08/02 12:0 a.m.•39 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 10 security fixes, including: 1227777 High CVE-2021-30590: Heap buffer overflow in Bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-09 1229298 High CVE-2021-30591: Use after free in File System API. Reported by SorryMybad...

8.8CVSS0.0282EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2021/07/30 12:0 a.m.•32 views

mod_auth_mellon -- Redirect URL validation bypass

Jakub Hrozek reports: Version 0.17.0 and older of modauthmellon allows the redirect URL validation to be bypassed by specifying an URL formatted as ///fishing-site.example.com/logout.html...

6.1CVSS2.5AI score0.01423EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/07/29 12:0 a.m.•31 views

Node.js -- July 2021 Security Releases (2)

Node.js reports: Use after free on close http2 on stream canceling High CVE-2021-22930 Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior...

9.8CVSS0.9AI score0.37286EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/07/26 12:0 a.m.•22 views

powerdns -- remotely triggered crash

powerdns reports: PowerDNS Security Advisory 2021-01: Specific query crashes Authoritative Server...

7.5CVSS2.8AI score0.64857EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2021/07/24 12:0 a.m.•19 views

gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.14.6: Bump github.com/markbates/goth from v1.67.1 to v1.68.0 16538 16540 Switch to maintained JWT lib 16532 16535 Upgrade to latest version of golang-jwt as forked for 1.14 16590 16607...

3AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2021/07/23 12:0 a.m.•34 views

pjsip -- Race condition in SSL socket server

pjsip reports: There are a couple of issues found in the SSL socket: A race condition between callback and destroy, due to the accepted socket having no group lock. SSL socket parent/listener may get destroyed during handshake...

5.9CVSS0.7AI score0.02082EPSS
Exploits0References1
Total number of security vulnerabilities6581