Lucene search
K
FreebsdRecent

6578 matches found

FreeBSD
FreeBSD
•added 2025/10/20 12:0 a.m.•6 views

Mongodb -- Use-after-free in the MongoDB

[email protected] reports: An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions...

6.5CVSS7.2AI score0.00246EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/10/18 12:0 a.m.•6 views

OpenVPN -- avoid buffer overread parsing routes or endpoints

Mikhail Khachaiants reports: socket: reject mismatched address family in getaddrgeneric. Add a family check to prevent copying address data of the wrong type, which could cause buffer over-read when parsing routes or endpoints...

9.1CVSS7.1AI score0.00538EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/10/17 12:0 a.m.•14 views

minio -- Privilege Escalation via Session Policy Bypass in Service Accounts and STS

mino reports: A privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performing "own" account operations, specifically when creating new service accounts for the same use...

8.1CVSS7.2AI score0.00523EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/10/16 12:0 a.m.•8 views

Hidden/Protected custom variables are prone to filter enumeration

Icinga reports: An authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values assigned to it...

6.5CVSS6.9AI score0.00331EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/10/15 12:0 a.m.•4 views

powerdns-recursor -- cache pollution

PowerDNS Team reports: It has been brought to our attention that the Recursor does not apply strict enough validation of received delegation information. The malicious delegation information can be sent by an attacker spoofing packets...

6.7AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2025/10/14 12:0 a.m.•8 views

Mozilla -- Memory safety bugs

[email protected] reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

8.8CVSS7.2AI score0.00299EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/10/14 12:0 a.m.•6 views

Mozilla -- Memory safety bugs

[email protected] reports: Memory safety bug. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code...

9.8CVSS7.6AI score0.00332EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/10/14 12:0 a.m.•7 views

Mozilla -- Out-of-bounds reads and writes

[email protected] reports: A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures...

9.8CVSS6.9AI score0.00385EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/10/14 12:0 a.m.•10 views

Mozilla -- Use-after-free

[email protected] reports: Use-after-free in MediaTrackGraphImpl::GetInstance...

9.8CVSS7AI score0.00465EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/10/14 12:0 a.m.•6 views

Mozilla -- Memory safety bugs

[email protected] reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

8.8CVSS7.5AI score0.00306EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/10/14 12:0 a.m.•8 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 1 security fix: 447192722 High CVE-2025-11756: Use after free in Safe Browsing. Reported by asnine on 2025-09-25...

8.8CVSS7.2AI score0.00419EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/10/14 12:0 a.m.•6 views

Mozilla -- Memory disclosure

[email protected] reports: A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process...

9.8CVSS6.9AI score0.00385EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/10/14 12:0 a.m.•11 views

Mozilla -- XSS in sites without content-type header

[email protected] reports: A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a...

6.1CVSS6.2AI score0.0025EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/10/14 12:0 a.m.•5 views

Mozilla -- JavaScript Object property overriding

[email protected] reports: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...

6.5CVSS6.9AI score0.0021EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/10/13 12:0 a.m.•8 views

zeek -- information leak vulnerability

Tim Wojtulewicz of Corelight reports: The KRB analyzer can leak information about hosts in analyzed traffic via external DNS lookups...

6.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2025/10/09 12:0 a.m.•13 views

Mailpit -- Performance information disclosure

Ralph Slooten Mailpit developer reports: An HTTP endpoint was found which exposed expvar runtime information memory usage, goroutine counts, GC behavior, uptime and potential runtime flags due to the Prometheus client library dependency...

6.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2025/10/09 12:0 a.m.•8 views

py-social-auth-app-django -- Unsafe account association

Michal ÄŒihaÅ™ reports: Upon authentication, the user could be associated by e-mail even if the associatebyemail pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail...

6.3CVSS7AI score0.00514EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/10/08 12:0 a.m.•7 views

Gitlab -- vulnerabilities

Gitlab reports: Incorrect authorization issue in GraphQL mutations impacts GitLab EE Denial of Service issue in GraphQL blob type impacts GitLab CE/EE Missing authorization issue in manual jobs impacts GitLab CE/EE Denial of Service issue in webhook endpoints impacts GitLab CE/EE...

7.7CVSS7AI score0.00496EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/10/07 12:0 a.m.•5 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 3 security fixes: 443196747 High CVE-2025-11458: Heap buffer overflow in Sync. Reported by raven at KunLun lab on 2025-09-05 446722008 High CVE-2025-11460: Use after free in Storage. Reported by Sombra on 2025-09-23 441917796 Medium CVE-2025-11211: Ou...

8.8CVSS7.7AI score0.00356EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/10/03 12:0 a.m.•11 views

redis,valkey -- Out of bound read due to a bug in LUA

redis reports: An authenticated user may use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua scripting An additional workaround to mitigate the problem without patching the...

7.1CVSS6.9AI score0.01023EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/10/03 12:0 a.m.•8 views

redis,valkey -- Running Lua function as a different user

redis reports: An authenticated user may use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user The problem exists in all versions of Redis with Lua scripting. An additional workaround to mitigate the problem withou...

7.3CVSS6.9AI score0.00701EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/10/03 12:0 a.m.•13 views

redis,valkey -- Lua Use-After-Free may lead to remote code execution

redis reports: An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. An additional workaround to mitigate the problem...

9.9CVSS7.5AI score0.86767EPSS
Exploits14References1
FreeBSD
FreeBSD
•added 2025/10/03 12:0 a.m.•5 views

redis,valkey -- Lua library commands may lead to integer overflow and potential RCE

redis reports: An authenticated user may use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. An additional workaround to mitigate the problem without patching the redis-server...

8.8CVSS7.2AI score0.03692EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/10/02 12:0 a.m.•9 views

fetchmail -- potential crash when authenticating to SMTP server

Matthias Andree reports: fetchmail's SMTP client, when configured to authenticate, is susceptible to a protocol violation where, when a trusted but malicious or malfunctioning SMTP server responds to an authentication request with a "334" code but without a following blank on the line, it will...

5.9CVSS7.3AI score0.00384EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2025/10/01 12:0 a.m.•14 views

LibreSSL -- overwrite and -read vulnerability

The LibreSSL project reports: An incorrect length check can result in a 4-byte overwrite and an 8-byte overread...

7.5CVSS7AI score0.01744EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/10/01 12:0 a.m.•8 views

Vulnerability found in Expat

Expat 2.8.1 was released yesterday. The key motivation for cutting a release and doing so now was: Fixing vulnerability CVE-2026-45186 that allows easy denial of service. See also https://github.com/libexpat/libexpat/pull/1216...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/10/01 12:0 a.m.•10 views

Django -- multiple vulnerabilities

Django reports: CVE-2025-59681: Potential SQL injection in QuerySet.annotate, alias, aggregate, and extra on MySQL and MariaDB. CVE-2025-59682: Potential partial directory-traversal via archive.extract...

9.8CVSS8AI score0.0085EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/30 12:0 a.m.•9 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 21 security fixes: 442444724 High CVE-2025-11205: Heap buffer overflow in WebGPU. Reported by Atte Kettunen of OUSPG on 2025-09-02 444755026 High CVE-2025-11206: Heap buffer overflow in Video. Reported by Elias Hohl on 2025-09-12 428189824 Medium...

8.8CVSS7.5AI score0.00356EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/30 12:0 a.m.•4 views

Firefox -- Sandbox escape due to integer overflow

https://bugzilla.mozilla.org/showbug.cgi?id=1987246 reports: Sandbox escape due to integer overflow in the Graphics: Canvas2D component...

8.6CVSS7.3AI score0.00252EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/30 12:0 a.m.•5 views

Firefox -- Sandbox escape

[email protected] reports: Sandbox excape due to integer overflow in the Graphics: Canvas2D component...

8.6CVSS7.3AI score0.00252EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/30 12:0 a.m.•3 views

Firefox -- JIT miscompilation in the JavaScript Engine

[email protected] reports: JIT miscompilation in the JavaScript Engine: JIT component...

7.5CVSS7AI score0.00217EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/30 12:0 a.m.•16 views

OpenSSL -- multiple vulnerabilities

The OpenSSL project reports reports: Out-of-bounds read & write in RFC 3211 KEK Unwrap Timing side-channel in SM2 algorithm on 64-bit ARM Fix Out-of-bounds read in HTTP client noproxy handling...

7.5CVSS7AI score0.02234EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/25 12:0 a.m.•8 views

qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 9 security bugs in Chromium: CVE-2025-9866: Determine whether to bypass redirect checks per request CVE-2025-10200: Use after free in Serviceworker CVE-2025-10201: Inappropriate implementation in Mojo CVE-2025-10500: Use after free in Dawn...

9.1CVSS7.3AI score0.06608EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/25 12:0 a.m.•9 views

Gitlab -- Vulnerabilities

Gitlab reports: Denial of Service issue when uploading specifically crafted JSON files impacts GitLab CE/EE Denial of Service issue bypassing query complexity limits impacts GitLab CE/EE Information disclosure issue in virtual registery configuration for low privileged users impacts GitLab CE/EE...

8.8CVSS6.6AI score0.00573EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/24 12:0 a.m.•7 views

openvpn-devel -- script injection vulnerability from trusted but malicious server

Gert Doering reports: Notable changes beta1 - beta2 are: ... add proper input sanitation to DNS strings to prevent an attack coming from a trusted-but-malicous OpenVPN server CVE: 2025-10680, affects unixoid systems with --dns-updown scripts and windows using the built-in powershell call Lev...

8.8CVSS7.6AI score0.06932EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2025/09/23 12:0 a.m.•8 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 430336833 High CVE-2025-10890: Side-channel information leakage in V8. Reported by Mate Marjanović SharpEdged on 2025-07-09 443765373 High CVE-2025-10891: Integer overflow in V8. Reported by Google Big Sleep on 2025-09-09 444048019...

9.1CVSS7.1AI score0.06608EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/18 12:0 a.m.•5 views

dnsdist -- Denial of service via crafted DoH exchange

[email protected] reports: In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an...

3.7CVSS7AI score0.00271EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/17 12:0 a.m.•10 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 445380761 High CVE-2025-10585: Type Confusion in V8. Reported by Google Threat Analysis Group on 2025-09-16 435875050 High CVE-2025-10500: Use after free in Dawn. Reported by Giunash Gyujeong Jin on 2025-08-03 440737137 High...

9.8CVSS7.7AI score0.05419EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/09/17 12:0 a.m.•11 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description High SECURITY-3618 / CVE-2025-5115 HTTP/2 denial of service vulnerability in bundled Jetty Medium SECURITY-3594 / CVE-2025-59474 Missing permission check allows obtaining agent names Medium SECURITY-3625 / CVE-2025-59475 Missing permission check in...

7.7CVSS7.1AI score0.04735EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/17 12:0 a.m.•4 views

expat -- dynamic memory allocations issue

expat security advisory: libexpat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing...

7.5CVSS6.9AI score0.01279EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/09/16 12:0 a.m.•5 views

Mozilla -- Memory safety bugs

[email protected] reports: Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

8.8CVSS7.2AI score0.00306EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/16 12:0 a.m.•4 views

Mozilla -- integer overflow

[email protected] reports: Integer overflow in the SVG component...

8.8CVSS7.3AI score0.00687EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/16 12:0 a.m.•4 views

Mozilla -- Incorrect boundary conditions

[email protected] reports: The vulnerability has been assessed to have moderate impact on affected systems, potentially allowing attackers to exploit incorrect boundary conditions in the JavaScript Garbage Collection component. In Thunderbird specifically, these flaws cannot be exploited throu...

6.5CVSS6.7AI score0.00291EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/16 12:0 a.m.•4 views

Mozilla -- Sandbox escape due to use-after-free

[email protected] reports: Sandbox escape due to use-after-free...

7.3CVSS7AI score0.00329EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2025/09/16 12:0 a.m.•6 views

Firefox -- Mitigation bypass

https://bugzilla.mozilla.org/showbug.cgi?id=1978453 reports: Mitigation bypass in the Web Compatibility: Tooling component...

5.4CVSS7AI score0.00255EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/16 12:0 a.m.•6 views

Firefox -- Same-origin policy bypass

https://bugzilla.mozilla.org/showbug.cgi?id=1970490 reports: Same-origin policy bypass in the Layout component...

6.5CVSS7AI score0.00281EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/16 12:0 a.m.•6 views

Mozilla -- Information disclosure

[email protected] reports: This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

6.2CVSS6.5AI score0.00154EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/16 12:0 a.m.•5 views

Mozilla -- spoofing

[email protected] reports: Spoofing issue in the Site Permission component...

8.1CVSS7AI score0.00328EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/16 12:0 a.m.•5 views

Mozilla -- mitigation bypass vulnerability

[email protected] reports: The vulnerability has been rated as having moderate impact, affecting both confidentiality and integrity with low severity, while having no impact on availability. For Thunderbird specifically, the vulnerability cannot be exploited through email as scripting is...

5.4CVSS6.3AI score0.00255EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/09/16 12:0 a.m.•4 views

Firefox -- Integer overflow in the SVG component

https://bugzilla.mozilla.org/showbug.cgi?id=1980788 reports: Integer overflow in the SVG component...

8.8CVSS7.3AI score0.00687EPSS
Exploits0References1
Total number of security vulnerabilities6578